Summary: Cisco has published a security advisory for a denial-of-service (DoS) vulnerability in its IOS XR Software, specifically affecting the BGP confederation implementation. The vulnerability, identified as CVE-2025-20115, allows a remote attacker to trigger a DoS condition by exploiting memory corruption via crafted BGP update messages. Cisco has provided workarounds and software updates to mitigate this vulnerability, urging users to assess their configurations accordingly.
Affected: Cisco IOS XR Software
Keypoints:
- Vulnerability identified as CVE-2025-20115, impacting BGP confederation implementations.
- Potential denial of service due to memory corruption from BGP update messages with excessive AS numbers.
- Workarounds include restricting the BGP AS_CONFED_SEQUENCE attribute to fewer than 255 AS numbers.
- Software updates available for affected Cisco IOS XR releases to ensure security.
- Cisco advises users to evaluate workarounds in their specific environments.
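
To check captured or logged AS_PATH attribute values against the fewer-than-255 limit named in the workaround, the following added example (not from Cisco's advisory) counts the AS numbers carried in AS_CONFED_SEQUENCE segments. The function names, the choice to sum across all segments, and the sample byte strings are assumptions made for illustration.

```python
import struct

AS_CONFED_SEQUENCE = 3  # AS_PATH segment type (RFC 5065)
WORKAROUND_LIMIT = 255  # the workaround allows fewer than 255 AS numbers


def confed_sequence_count(as_path: bytes, asn_size: int = 4) -> int:
    """Count AS numbers in all AS_CONFED_SEQUENCE segments of an AS_PATH value.

    asn_size is 4 for sessions using 4-octet AS numbers, otherwise 2.
    Summing across segments is this example's assumption.
    """
    if asn_size not in (2, 4):
        raise ValueError("asn_size must be 2 or 4")
    total, off = 0, 0
    while off < len(as_path):
        if off + 2 > len(as_path):
            raise ValueError("truncated segment header")
        seg_type, seg_len = as_path[off], as_path[off + 1]
        end = off + 2 + seg_len * asn_size
        if end > len(as_path):
            raise ValueError("segment overruns attribute")
        if seg_type == AS_CONFED_SEQUENCE:
            total += seg_len
        off = end
    return total


def violates_workaround(as_path: bytes, asn_size: int = 4) -> bool:
    """True when the value carries 255 or more confederation-sequence ASNs."""
    return confed_sequence_count(as_path, asn_size) >= WORKAROUND_LIMIT


def make_segment(seg_type: int, asns, asn_size: int = 4) -> bytes:
    """Build one constructed AS_PATH segment for the samples below."""
    fmt = "!I" if asn_size == 4 else "!H"
    return bytes([seg_type, len(asns)]) + b"".join(struct.pack(fmt, a) for a in asns)


# Constructed samples using private-use AS numbers; not captured traffic.
NORMAL = make_segment(3, [64512, 64513, 64514]) + make_segment(2, [65001, 65002])
OVER_LIMIT = make_segment(3, [64512] * 200) + make_segment(3, [64513] * 55)

if __name__ == "__main__":
    for name, value in (("NORMAL", NORMAL), ("OVER_LIMIT", OVER_LIMIT)):
        print(name, confed_sequence_count(value), violates_workaround(value))
```

A malformed value raises ValueError instead of being counted, so a parsing failure is surfaced separately from a limit violation.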